CVE-2026-2526
Unknown Unknown - Not Provided
Remote Command Injection in Wavlink WL-WN579A3 multi_ssid Function

Publication date: 2026-02-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-16
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-16
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2526
EUVD
EUVD-2026-6135
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wavlink wl-wn579a3_firmware to 2021-02-19 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2526 is a command injection vulnerability found in the Wavlink WL-WN579A3 wireless router firmware up to version 20210219.

The flaw exists in the multi_ssid function within the /cgi-bin/wireless.cgi file, specifically in the handling of the SSID2G2 parameter.

An attacker can manipulate the SSID2G2 argument with crafted input to inject arbitrary commands, which the device improperly neutralizes.

This vulnerability allows remote attackers to execute commands on the device without authentication.

The exploit has been publicly disclosed and is available in public repositories.

Impact Analysis

This vulnerability impacts the confidentiality, integrity, and availability of the affected device.

Because it allows remote command execution without authentication, an attacker can take control of the router remotely.

Such control could lead to unauthorized access to network traffic, disruption of network services, or use of the device as a foothold for further attacks.

There are no known countermeasures or vendor patches, so the affected device should be replaced to mitigate risk.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the Wavlink WL-WN579A3 router is running firmware version up to 20210219 and if the /cgi-bin/wireless.cgi endpoint is accessible.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves command injection via the SSID2G2 parameter, detection can involve sending crafted HTTP requests to the /cgi-bin/wireless.cgi endpoint with manipulated SSID2G2 values and observing if arbitrary commands are executed.'}, {'type': 'paragraph', 'content': 'No specific detection commands are provided in the resources, but network administrators can use tools like curl or wget to send test requests, for example:'}, {'type': 'list_item', 'content': 'curl -v "http://<router-ip>/cgi-bin/wireless.cgi?SSID2G2=;id"'}, {'type': 'list_item', 'content': 'curl -v "http://<router-ip>/cgi-bin/wireless.cgi?SSID2G2=;uname -a"'}, {'type': 'paragraph', 'content': 'If the response contains output from these commands (like system information), it indicates the device is vulnerable.'}] [1, 2]

Mitigation Strategies

There are no known countermeasures or patches available from the vendor, as Wavlink did not respond to the vulnerability disclosure.

The recommended immediate mitigation is to replace the affected device with a non-vulnerable model.

Additionally, network administrators should consider isolating the vulnerable device from untrusted networks and monitoring for suspicious activity targeting the /cgi-bin/wireless.cgi endpoint.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2526. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart